High threat detection after installing BI 5

RickJamesBish
Posts: 5
Joined: Fri Oct 06, 2023 6:18 pm

High threat detection after installing BI 5

Post by RickJamesBish »

My gateway runs threat detection and typically I get around 14 detections per week. As soon as I installed BI 5, detections increased to nearly 90 per day (over 600 per week). The largest percentage of them are incoming detections. To see if BI 5 was the root of the issue, I stopped running it for two days and detections returned to just a couple per day. When I set BI 5 up, I left everything at default. Are there any settings or steps I can take to address this issue? The BI 5 install came directly from the link on the BI site.

Thank you.
IAmATeaf
Posts: 466
Joined: Mon Jun 17, 2019 7:48 pm

Re: High threat detection after installing BI 5

Post by IAmATeaf »

What type of detections are they?

Also have you port forwarded BI for remote access?
RickJamesBish
Posts: 5
Joined: Fri Oct 06, 2023 6:18 pm

Re: High threat detection after installing BI 5

Post by RickJamesBish »

IAmATeaf wrote: Tue Oct 17, 2023 12:33 pm What type of detections are they?

Also have you port forwarded BI for remote access?
I have port forwarded for remote access, but this was occurring prior to doing so. The most dominant is listed below.

Detection Category: Emerging-Exploits
Signature: ET Exploit GraphQL Introspection Query Attempt
Originating from: 5.181.234.133 New York

They may not be a concern. I don't know. This one is frequent, triggering multiple times per second.


louyo
Posts: 161
Joined: Sat Apr 18, 2020 1:16 am

Re: High threat detection after installing BI 5

Post by louyo »

Anything ring a bell?

lou@debian11:~$ whois -B 5.181.234.133
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See https://apps.db.ripe.net/docs/HTML-Terms-And-Conditions

% Information related to '5.181.234.0 - 5.181.234.255'

% Abuse contact for '5.181.234.0 - 5.181.234.255' is 'abuse@m247.ro'

inetnum: 5.181.234.0 - 5.181.234.255
netname: M247-LTD-NewYork
descr: M247 LTD New York Infrastructure
country: US
geoloc: 40.7175544 -74.0083725
admin-c: NYC-RIPE
tech-c: NYC-RIPE
status: ASSIGNED PA
mnt-by: GLOBALAXS-MNT
created: 2019-04-09T08:43:01Z
last-modified: 2019-04-09T08:43:01Z
source: RIPE
remarks: --------------LEGAL CONCERNS-----------------------------
remarks: For any legal requests, please send an email
remarks: to ro-legal@m247.com for a maximum 48hours response.
remarks: ---------------------------------------------------------

role: GLOBALAXS NYC NOC
address: Equinix NY8 60 Hudson Street, Suite 1602, 10013 New York, New York, USA
e-mail: nmc@m247.com
abuse-mailbox: abuse@m247.ro
nic-hdl: NYC-RIPE
mnt-by: GLOBALAXS-MNT
created: 2017-08-18T13:02:16Z
last-modified: 2018-11-16T09:45:29Z
source: RIPE

% Information related to '5.181.234.0/24AS9009'

route: 5.181.234.0/24
origin: AS9009
mnt-by: GLOBALAXS-MNT
created: 2019-04-09T08:08:52Z
last-modified: 2019-04-09T08:08:52Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.108 (ABERDEEN)
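
Added example (not part of louyo's post or of any tool named in this thread): a small Python parser for the RPSL whois output quoted above that pulls out the address range, network name, origin AS and abuse contacts for an alert's source address. The sample text is a trimmed, constructed copy of that output, and `parse_rpsl` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample: a trimmed copy of the RIPE whois output quoted in the post above.
SAMPLE = """\
% Abuse contact for '5.181.234.0 - 5.181.234.255' is 'abuse@m247.ro'

inetnum: 5.181.234.0 - 5.181.234.255
netname: M247-LTD-NewYork
remarks: to ro-legal@m247.com for a maximum 48hours response.

role: GLOBALAXS NYC NOC
abuse-mailbox: abuse@m247.ro

route: 5.181.234.0/24
origin: AS9009
"""

def parse_rpsl(text):
    """Split whois output into RPSL objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):
            objects.append(current)          # blank line or comment closes an object
            current = []
        elif line[0] in " \t+" and current:  # continuation of the previous value
            key, value = current[-1]
            current[-1] = (key, (value + " " + line[1:].strip()).strip())
        else:
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                current.append((key.strip().lower(), value.strip()))
    objects.append(current)
    return [obj for obj in objects if obj]   # drop the empty gaps between objects

def summarize(text):
    """Hypothetical helper: fields needed to attribute an alert's source address."""
    out = {"range": None, "netname": None, "origin_as": None}
    # RIPE also prints the abuse contact in a leading comment line.
    abuse = set(re.findall(r"^% Abuse contact for .* is '([^']+)'", text, re.M))
    for obj in parse_rpsl(text):
        cls, primary = obj[0]                # first attribute names the object class
        attrs = dict(obj)
        if cls in ("inetnum", "inet6num"):
            out.update(range=primary, netname=attrs.get("netname"))
        elif cls in ("route", "route6"):
            out["origin_as"] = attrs.get("origin")
        if "abuse-mailbox" in attrs:
            abuse.add(attrs["abuse-mailbox"])
    out["abuse"] = sorted(abuse)
    return out
```

Calling `summarize()` on saved `whois` output gives one record per alert source that can be compared across detections or used to file an abuse report.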
RickJamesBish
Posts: 5
Joined: Fri Oct 06, 2023 6:18 pm

Re: High threat detection after installing BI 5

Post by RickJamesBish »

louyo wrote: Wed Oct 18, 2023 10:06 am Anything ring a bell?
No, but M247.com goes to a cloud service website. I do know that I only get this when BlueIris is running. I can shut BlueIris down and run HIP2P Camera software in its place and I do not get these. Something in BlueIris is triggering it.